Date: Mon, 6 Oct 2014 16:36:46 +0200
From: Erik-Paul Dittmer <epdittmer@...italmisfits.com>
To: bugtraq <bugtraq@...urityfocus.com>
Subject: Multiple Vulnerabilities in Draytek Vigor 2130

VIGOR 2130 (firmware < 1.5.4.9)

1.1. Command injection in traceroute functionality

A user can execute arbitrary commands (RCE) on the router by abusing the
traceroute functionality. The interface expects an IP address as input,
but does not validate it. Just provide the input:

    ; id

The above outputs the current user id.

1.2. CSRF (Cross-Site Request Forgery)

No anti-CSRF measures are in place. This means that an attacker can
set up a web page which, when visited by a victim who is logged in to
the VIGOR 2130 web interface, can perform operations on the
web interface.

1.3. Service runs as root
The web service is running as root.

Timetable:

2014-09-26 : Vendor released patches (private and unverified) to their customers
2014-07-22 : Vendor states that most of the vulns. are patched
2014-07-08 : Vendor notified customers with large deployments
2014-06-30 : Response of Vendor
2014-06-24 : Notified Vendor

Researchers:
Victor van der Veen (vvdveen@...vu.nl) / Erik-Paul Dittmer
(epdittmer@...italmisfits.com)

- - - - - - - - - - - - - - - - - - - - - - - - -
Digital Misfits does not accept any liability for any errors,
omissions, delays of receipt or viruses in the contents of this
message which arise as a result of e-mail transmission.
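
The input handling described in 1.1, as an added example that is not part of the original advisory and is not the firmware's code (its implementation is not shown in the advisory). The function names are hypothetical; the first two functions show, without executing anything, why an unvalidated value spliced into a shell string becomes a second command, and the third shows the validated, shell-free form.

```python
import ipaddress
import shlex


def vulnerable_command(target):
    # Assumed pattern behind this class of bug: the form field is
    # concatenated into a string that is later handed to a shell.
    return "traceroute " + target


def shell_commands(cmdline):
    """Split a command line at ';' the way a shell would. Nothing is executed."""
    lexer = shlex.shlex(cmdline, posix=True, punctuation_chars=True)
    lexer.whitespace_split = True
    commands, current = [], []
    for token in lexer:
        if token == ";":
            if current:
                commands.append(current)
            current = []
        else:
            current.append(token)
    if current:
        commands.append(current)
    return commands


def safe_argv(target):
    """Return an argument vector for traceroute, or raise ValueError."""
    if "%" in target:
        # IPv6 scope ids are free-form text, so they are refused here.
        raise ValueError("scoped addresses are not accepted")
    addr = ipaddress.ip_address(target)  # ValueError for anything but an IP
    # Pass this list to subprocess.run(argv) with the default shell=False,
    # so no shell ever parses the value. The canonical str(addr) is used,
    # not the raw input.
    return ["traceroute", str(addr)]


if __name__ == "__main__":
    for value in ("192.0.2.1", "; id"):  # constructed sample inputs
        print(repr(value), "->", shell_commands(vulnerable_command(value)))
        try:
            print("  validated argv:", safe_argv(value))
        except ValueError as exc:
            print("  rejected:", exc)
```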
